From e8c3110e957e1d8390290c0f72780370210cc153 Mon Sep 17 00:00:00 2001
From: Luca Guerra
Date: Tue, 14 May 2024 14:18:02 +0000
Subject: [PATCH 1/2] update(falco): add deprecation notice for -T, -t and -D
Signed-off-by: Luca Guerra
---
 userspace/falco/app/options.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/userspace/falco/app/options.cpp b/userspace/falco/app/options.cpp
index 7e5bf277280..ff682ff3001 100644
--- a/userspace/falco/app/options.cpp
+++ b/userspace/falco/app/options.cpp
@@ -149,7 +149,7 @@ void options::define(cxxopts::Options& opts)
 #endif
 ("disable-source", "Turn off a specific . By default, all loaded sources get enabled. Available sources are 'syscall' plus all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times, but turning off all event sources simultaneously is not permitted. This option can not be mixed with --enable-source. This option has no effect when reproducing events from a capture file.", cxxopts::value(disable_sources), "")
 ("dry-run", "Run Falco without processing events. It can help check that the configuration and rules do not have any errors.", cxxopts::value(dry_run)->default_value("false"))
- ("D", "Turn off any rules with names having the substring . This option can be passed multiple times. It cannot be mixed with -t.", cxxopts::value(disabled_rule_substrings), "")
+ ("D", "DEPRECATED: use -o rules[].disable.rule= instead. Turn off any rules with names having the substring . This option can be passed multiple times. It cannot be mixed with -t.", cxxopts::value(disabled_rule_substrings), "")
 ("enable-source", "Enable a specific . By default, all loaded sources get enabled. Available sources are 'syscall' plus all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times. When using this option, only the event sources specified by it will be enabled. This option can not be mixed with --disable-source. This option has no effect when reproducing events from a capture file.", cxxopts::value(enable_sources), "")
 #ifdef HAS_GVISOR
 ("gvisor-generate-config", "Generate a configuration file that can be used for gVisor and exit. See --gvisor-config for more details.", cxxopts::value(gvisor_generate_config_with_socket)->implicit_value("/run/falco/gvisor.sock"), "")
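Review bot: The new `-D` help string names `rules[].disable.rule=` as the replacement while still describing substring matching, and nothing in the hunk says whether the config key matches the same way. The `-t` replacement in the next hunk passes `rule=*`, which suggests the key takes a wildcard pattern rather than a substring (inferred; the placeholder after `rule=` is not visible on this page). If so, a user who swaps `-D foo` for `rule=foo` would silently stop disabling rules that merely contain `foo`, so the help should state the equivalent form, for example `use -o "rules[].disable.rule=*SUBSTRING*" instead`. options::define starts and ends outside the hunk.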
@@ -170,8 +170,8 @@ void options::define(cxxopts::Options& opts)
 ("r", "Rules file or directory to be loaded. This option can be passed multiple times. Falco defaults to the values in the configuration file when this option is not specified.", cxxopts::value>(), "")
 ("S,snaplen", "Collect only the first bytes of each I/O buffer for 'syscall' events. By default, the first 80 bytes are collected by the driver and sent to the user space for processing. Use this option with caution since it can have a strong performance impact.", cxxopts::value(snaplen)->default_value("0"), "")
 ("support", "Print support information, including version, rules files used, loaded configuration, etc., and exit. The output is in JSON format.", cxxopts::value(print_support)->default_value("false"))
- ("T", "Turn off any rules with a tag=. This option can be passed multiple times. This option can not be mixed with -t.", cxxopts::value>(), "")
- ("t", "Only enable those rules with a tag=. This option can be passed multiple times. This option can not be mixed with -T/-D.", cxxopts::value>(), "")
+ ("T", "DEPRECATED: use -o rules[].disable.tag= instead. Turn off any rules with a tag=. This option can be passed multiple times. This option can not be mixed with -t.", cxxopts::value>(), "")
+ ("t", "DEPRECATED: use -o rules[].disable.rule=* -o rules[].enable.tag= instead. Only enable those rules with a tag=. This option can be passed multiple times. This option can not be mixed with -T/-D.", cxxopts::value>(), "")
 ("U,unbuffered", "Turn off output buffering for configured outputs. This causes every single line emitted by Falco to be flushed, which generates higher CPU usage but is useful when piping those outputs into another process or a script.", cxxopts::value(unbuffered_outputs)->default_value("false"))
 ("V,validate", "Read the contents of the specified file(s), validate the loaded rules, and exit. This option can be passed multiple times to validate multiple files.", cxxopts::value(validate_rules_filenames), "")
 ("v", "Enable verbose output.", cxxopts::value(verbose)->default_value("false"))
From ebffe10412210257cef4e779fe3f5d544371452f Mon Sep 17 00:00:00 2001
From: Luca Guerra
Date: Tue, 14 May 2024 16:30:42 +0000
Subject: [PATCH 2/2] update(falco): add deprecation warning messages
Signed-off-by: Luca Guerra
Co-authored-by: Federico Di Pierro
Co-authored-by: Melissa Kilby
---
 userspace/falco/app/options.cpp | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/userspace/falco/app/options.cpp b/userspace/falco/app/options.cpp
index ff682ff3001..fa2f016760a 100644
--- a/userspace/falco/app/options.cpp
+++ b/userspace/falco/app/options.cpp
@@ -98,6 +98,7 @@ bool options::parse(int argc, char **argv, std::string &errstr)
 // Convert the vectors of enabled/disabled tags into sets to match falco engine API
 if(m_cmdline_parsed.count("T") > 0)
 {
+ falco_logger::log(falco_logger::level::WARNING, "The -T option is deprecated and will be removed in Falco 0.39.0. Use -o rules[].disable.tag= instead.");
 for(auto &tag : m_cmdline_parsed["T"].as>())
 {
 disabled_rule_tags.insert(tag);
@@ -106,12 +107,18 @@ bool options::parse(int argc, char **argv, std::string &errstr) if(m_cmdline_parsed.count("t") > 0) { + falco_logger::log(falco_logger::level::WARNING, "The -t option is deprecated and will be removed in Falco 0.39.0. Use -o rules[].disable.rule=* -o rules[].enable.tag= instead."); for(auto &tag : m_cmdline_parsed["t"].as>()) { enabled_rule_tags.insert(tag); } } + if(disabled_rule_substrings.size() > 0) + { + falco_logger::log(falco_logger::level::WARNING, "The -D option is deprecated and will be removed in Falco 0.39.0. Use -o rules[].disable.rule= instead."); + } + // Some combinations of arguments are not allowed. // You can't both disable and enable rules
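Review bot: The replacement printed in the new `-t` help string of the `@@ -170,8 +170,8 @@` hunk, `-o rules[].disable.rule=* -o rules[].enable.tag=`, is shown unquoted although it contains `*` and `[]`, which a shell can treat as glob characters. Depending on the shell and its options the argument may be expanded or rejected before Falco sees it, so a user migrating from `-t` can end up with a different rule set enabled than intended. Print the arguments quoted, e.g. `use -o "rules[].disable.rule=*" -o "rules[].enable.tag=TAG" instead` (with the quotes escaped in the literal). The same applies to the `-T` line here, the `-D` line in the previous hunk and the three warning strings added in PATCH 2/2. options::define starts and ends outside the hunk.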
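Review bot: The `-T` warning added in the `@@ -98,6 +98,7 @@` hunk is logged from inside options::parse, and the hunk does not show whether the logger has already been set up from the configuration file at that point. If parsing runs first (not visible here), the message is emitted with the logger's default level and outputs rather than the operator's configured ones, which affects where a deprecation notice about rule selection ends up. A short comment above the call would record the intent, e.g. `// logged at parse time; logger settings from the config file may not be applied yet`. The same holds for the `-t` and `-D` warnings in the following hunk; the enclosing `if` block closes outside this hunk.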
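Review bot: The `-D` check added at the end of the `@@ -106,12 +107,18 @@` hunk tests `disabled_rule_substrings.size() > 0`, whereas the `-T` and `-t` warnings are keyed on `m_cmdline_parsed.count(...)`. The vector is bound to the option in options::define, so both forms agree today, but any later code path that fills the vector would log a warning about a flag the user never passed. Use `if(m_cmdline_parsed.count("D") > 0)` to match the two blocks above. All three warnings are also emitted before the "combinations of arguments are not allowed" checks that follow, so an invocation that is about to be rejected still logs them. options::parse continues past the end of the hunk.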